No OneTemporary
Actions

Size

66 KB

Referenced Files

None

Subscribers

None

View Options

	diff --git a/src/applications/files/storage/PhabricatorFile.php b/src/applications/files/storage/PhabricatorFile.php
	index bd25fe4b57..247943b26a 100644
	--- a/src/applications/files/storage/PhabricatorFile.php
	+++ b/src/applications/files/storage/PhabricatorFile.php
	@@ -1,1370 +1,1392 @@
	<?php

	/**
	* Parameters
	* ==========
	*
	* When creating a new file using a method like @{method:newFromFileData}, these
	* parameters are supported:
	*
	* \| name \| Human readable filename.
	* \| authorPHID \| User PHID of uploader.
	* \| ttl \| Temporary file lifetime, in seconds.
	* \| viewPolicy \| File visibility policy.
	* \| isExplicitUpload \| Used to show users files they explicitly uploaded.
	* \| canCDN \| Allows the file to be cached and delivered over a CDN.
	* \| mime-type \| Optional, explicit file MIME type.
	* \| builtin \| Optional filename, identifies this as a builtin.
	*
	*/
	final class PhabricatorFile extends PhabricatorFileDAO
	implements
	PhabricatorApplicationTransactionInterface,
	PhabricatorTokenReceiverInterface,
	PhabricatorSubscribableInterface,
	PhabricatorFlaggableInterface,
	PhabricatorPolicyInterface,
	PhabricatorDestructibleInterface {

	const ONETIME_TEMPORARY_TOKEN_TYPE = 'file:onetime';
	const STORAGE_FORMAT_RAW = 'raw';

	const METADATA_IMAGE_WIDTH = 'width';
	const METADATA_IMAGE_HEIGHT = 'height';
	const METADATA_CAN_CDN = 'canCDN';
	const METADATA_BUILTIN = 'builtin';
	const METADATA_PARTIAL = 'partial';

	protected $name;
	protected $mimeType;
	protected $byteSize;
	protected $authorPHID;
	protected $secretKey;
	protected $contentHash;
	protected $metadata = array();
	protected $mailKey;

	protected $storageEngine;
	protected $storageFormat;
	protected $storageHandle;

	protected $ttl;
	protected $isExplicitUpload = 1;
	protected $viewPolicy = PhabricatorPolicies::POLICY_USER;
	protected $isPartial = 0;

	private $objects = self::ATTACHABLE;
	private $objectPHIDs = self::ATTACHABLE;
	private $originalFile = self::ATTACHABLE;

	public static function initializeNewFile() {
	$app = id(new PhabricatorApplicationQuery())
	->setViewer(PhabricatorUser::getOmnipotentUser())
	->withClasses(array('PhabricatorFilesApplication'))
	->executeOne();

	$view_policy = $app->getPolicy(
	FilesDefaultViewCapability::CAPABILITY);

	return id(new PhabricatorFile())
	->setViewPolicy($view_policy)
	->setIsPartial(0)
	->attachOriginalFile(null)
	->attachObjects(array())
	->attachObjectPHIDs(array());
	}

	protected function getConfiguration() {
	return array(
	self::CONFIG_AUX_PHID => true,
	self::CONFIG_SERIALIZATION => array(
	'metadata' => self::SERIALIZATION_JSON,
	),
	self::CONFIG_COLUMN_SCHEMA => array(
	'name' => 'text255?',
	'mimeType' => 'text255?',
	'byteSize' => 'uint64',
	'storageEngine' => 'text32',
	'storageFormat' => 'text32',
	'storageHandle' => 'text255',
	'authorPHID' => 'phid?',
	'secretKey' => 'bytes20?',
	'contentHash' => 'bytes40?',
	'ttl' => 'epoch?',
	'isExplicitUpload' => 'bool?',
	'mailKey' => 'bytes20',
	'isPartial' => 'bool',
	),
	self::CONFIG_KEY_SCHEMA => array(
	'key_phid' => null,
	'phid' => array(
	'columns' => array('phid'),
	'unique' => true,
	),
	'authorPHID' => array(
	'columns' => array('authorPHID'),
	),
	'contentHash' => array(
	'columns' => array('contentHash'),
	),
	'key_ttl' => array(
	'columns' => array('ttl'),
	),
	'key_dateCreated' => array(
	'columns' => array('dateCreated'),
	),
	'key_partial' => array(
	'columns' => array('authorPHID', 'isPartial'),
	),
	),
	) + parent::getConfiguration();
	}

	public function generatePHID() {
	return PhabricatorPHID::generateNewPHID(
	PhabricatorFileFilePHIDType::TYPECONST);
	}

	public function save() {
	if (!$this->getSecretKey()) {
	$this->setSecretKey($this->generateSecretKey());
	}
	if (!$this->getMailKey()) {
	$this->setMailKey(Filesystem::readRandomCharacters(20));
	}
	return parent::save();
	}

	public function getMonogram() {
	return 'F'.$this->getID();
	}

	public static function readUploadedFileData($spec) {
	if (!$spec) {
	throw new Exception('No file was uploaded!');
	}

	$err = idx($spec, 'error');
	if ($err) {
	throw new PhabricatorFileUploadException($err);
	}

	$tmp_name = idx($spec, 'tmp_name');
	$is_valid = @is_uploaded_file($tmp_name);
	if (!$is_valid) {
	throw new Exception('File is not an uploaded file.');
	}

	$file_data = Filesystem::readFile($tmp_name);
	$file_size = idx($spec, 'size');

	if (strlen($file_data) != $file_size) {
	throw new Exception('File size disagrees with uploaded size.');
	}

	return $file_data;
	}

	public static function newFromPHPUpload($spec, array $params = array()) {
	$file_data = self::readUploadedFileData($spec);

	$file_name = nonempty(
	idx($params, 'name'),
	idx($spec, 'name'));
	$params = array(
	'name' => $file_name,
	) + $params;

	return self::newFromFileData($file_data, $params);
	}

	public static function newFromXHRUpload($data, array $params = array()) {
	return self::newFromFileData($data, $params);
	}


	/**
	* Given a block of data, try to load an existing file with the same content
	* if one exists. If it does not, build a new file.
	*
	* This method is generally used when we have some piece of semi-trusted data
	* like a diff or a file from a repository that we want to show to the user.
	* We can't just dump it out because it may be dangerous for any number of
	* reasons; instead, we need to serve it through the File abstraction so it
	* ends up on the CDN domain if one is configured and so on. However, if we
	* simply wrote a new file every time we'd potentially end up with a lot
	* of redundant data in file storage.
	*
	* To solve these problems, we use file storage as a cache and reuse the
	* same file again if we've previously written it.
	*
	* NOTE: This method unguards writes.
	*
	* @param string Raw file data.
	* @param dict Dictionary of file information.
	*/
	public static function buildFromFileDataOrHash(
	$data,
	array $params = array()) {

	$file = id(new PhabricatorFile())->loadOneWhere(
	'name = %s AND contentHash = %s LIMIT 1',
	self::normalizeFileName(idx($params, 'name')),
	self::hashFileContent($data));

	if (!$file) {
	$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
	$file = PhabricatorFile::newFromFileData($data, $params);
	unset($unguarded);
	}

	return $file;
	}

	public static function newFileFromContentHash($hash, array $params) {
	// Check to see if a file with same contentHash exist
	$file = id(new PhabricatorFile())->loadOneWhere(
	'contentHash = %s LIMIT 1',
	$hash);

	if ($file) {
	// copy storageEngine, storageHandle, storageFormat
	$copy_of_storage_engine = $file->getStorageEngine();
	$copy_of_storage_handle = $file->getStorageHandle();
	$copy_of_storage_format = $file->getStorageFormat();
	$copy_of_byte_size = $file->getByteSize();
	$copy_of_mime_type = $file->getMimeType();

	$new_file = PhabricatorFile::initializeNewFile();

	$new_file->setByteSize($copy_of_byte_size);

	$new_file->setContentHash($hash);
	$new_file->setStorageEngine($copy_of_storage_engine);
	$new_file->setStorageHandle($copy_of_storage_handle);
	$new_file->setStorageFormat($copy_of_storage_format);
	$new_file->setMimeType($copy_of_mime_type);
	$new_file->copyDimensions($file);

	$new_file->readPropertiesFromParameters($params);

	$new_file->save();

	return $new_file;
	}

	return $file;
	}

	public static function newChunkedFile(
	PhabricatorFileStorageEngine $engine,
	$length,
	array $params) {

	$file = PhabricatorFile::initializeNewFile();

	$file->setByteSize($length);

	// TODO: We might be able to test the first chunk in order to figure
	// this out more reliably, since MIME detection usually examines headers.
	// However, enormous files are probably always either actually raw data
	// or reasonable to treat like raw data.
	$file->setMimeType('application/octet-stream');

	$chunked_hash = idx($params, 'chunkedHash');
	if ($chunked_hash) {
	$file->setContentHash($chunked_hash);
	} else {
	// See PhabricatorChunkedFileStorageEngine::getChunkedHash() for some
	// discussion of this.
	$seed = Filesystem::readRandomBytes(64);
	$hash = PhabricatorChunkedFileStorageEngine::getChunkedHashForInput(
	$seed);
	$file->setContentHash($hash);
	}

	$file->setStorageEngine($engine->getEngineIdentifier());
	$file->setStorageHandle(PhabricatorFileChunk::newChunkHandle());
	$file->setStorageFormat(self::STORAGE_FORMAT_RAW);
	$file->setIsPartial(1);

	$file->readPropertiesFromParameters($params);

	return $file;
	}

	private static function buildFromFileData($data, array $params = array()) {

	if (isset($params['storageEngines'])) {
	$engines = $params['storageEngines'];
	} else {
	$size = strlen($data);
	$engines = PhabricatorFileStorageEngine::loadStorageEngines($size);

	if (!$engines) {
	throw new Exception(
	pht(
	'No configured storage engine can store this file. See '.
	'"Configuring File Storage" in the documentation for '.
	'information on configuring storage engines.'));
	}
	}

	assert_instances_of($engines, 'PhabricatorFileStorageEngine');
	if (!$engines) {
	throw new Exception(pht('No valid storage engines are available!'));
	}

	$file = PhabricatorFile::initializeNewFile();

	$data_handle = null;
	$engine_identifier = null;
	$exceptions = array();
	foreach ($engines as $engine) {
	$engine_class = get_class($engine);
	try {
	list($engine_identifier, $data_handle) = $file->writeToEngine(
	$engine,
	$data,
	$params);

	// We stored the file somewhere so stop trying to write it to other
	// places.
	break;
	} catch (PhabricatorFileStorageConfigurationException $ex) {
	// If an engine is outright misconfigured (or misimplemented), raise
	// that immediately since it probably needs attention.
	throw $ex;
	} catch (Exception $ex) {
	phlog($ex);

	// If an engine doesn't work, keep trying all the other valid engines
	// in case something else works.
	$exceptions[$engine_class] = $ex;
	}
	}

	if (!$data_handle) {
	throw new PhutilAggregateException(
	'All storage engines failed to write file:',
	$exceptions);
	}

	$file->setByteSize(strlen($data));
	$file->setContentHash(self::hashFileContent($data));

	$file->setStorageEngine($engine_identifier);
	$file->setStorageHandle($data_handle);

	// TODO: This is probably YAGNI, but allows for us to do encryption or
	// compression later if we want.
	$file->setStorageFormat(self::STORAGE_FORMAT_RAW);

	$file->readPropertiesFromParameters($params);

	if (!$file->getMimeType()) {
	$tmp = new TempFile();
	Filesystem::writeFile($tmp, $data);
	$file->setMimeType(Filesystem::getMimeType($tmp));
	}

	try {
	$file->updateDimensions(false);
	} catch (Exception $ex) {
	// Do nothing
	}

	$file->save();

	return $file;
	}

	public static function newFromFileData($data, array $params = array()) {
	$hash = self::hashFileContent($data);
	$file = self::newFileFromContentHash($hash, $params);

	if ($file) {
	return $file;
	}

	return self::buildFromFileData($data, $params);
	}

	public function migrateToEngine(PhabricatorFileStorageEngine $engine) {
	if (!$this->getID() \|\| !$this->getStorageHandle()) {
	throw new Exception(
	"You can not migrate a file which hasn't yet been saved.");
	}

	$data = $this->loadFileData();
	$params = array(
	'name' => $this->getName(),
	);

	list($new_identifier, $new_handle) = $this->writeToEngine(
	$engine,
	$data,
	$params);

	$old_engine = $this->instantiateStorageEngine();
	$old_identifier = $this->getStorageEngine();
	$old_handle = $this->getStorageHandle();

	$this->setStorageEngine($new_identifier);
	$this->setStorageHandle($new_handle);
	$this->save();

	$this->deleteFileDataIfUnused(
	$old_engine,
	$old_identifier,
	$old_handle);

	return $this;
	}

	private function writeToEngine(
	PhabricatorFileStorageEngine $engine,
	$data,
	array $params) {

	$engine_class = get_class($engine);

	$data_handle = $engine->writeFile($data, $params);

	if (!$data_handle \|\| strlen($data_handle) > 255) {
	// This indicates an improperly implemented storage engine.
	throw new PhabricatorFileStorageConfigurationException(
	"Storage engine '{$engine_class}' executed writeFile() but did ".
	"not return a valid handle ('{$data_handle}') to the data: it ".
	"must be nonempty and no longer than 255 characters.");
	}

	$engine_identifier = $engine->getEngineIdentifier();
	if (!$engine_identifier \|\| strlen($engine_identifier) > 32) {
	throw new PhabricatorFileStorageConfigurationException(
	"Storage engine '{$engine_class}' returned an improper engine ".
	"identifier '{$engine_identifier}': it must be nonempty ".
	"and no longer than 32 characters.");
	}

	return array($engine_identifier, $data_handle);
	}


	/**
	* Download a remote resource over HTTP and save the response body as a file.
	*
	* This method respects `security.outbound-blacklist`, and protects against
	* HTTP redirection (by manually following "Location" headers and verifying
	* each destination). It does not protect against DNS rebinding. See
	* discussion in T6755.
	*/
	public static function newFromFileDownload($uri, array $params = array()) {
	$timeout = 5;

	$redirects = array();
	$current = $uri;
	while (true) {
	try {
	if (count($redirects) > 10) {
	throw new Exception(
	pht('Too many redirects trying to fetch remote URI.'));
	}

	- PhabricatorEnv::requireValidRemoteURIForFetch(
	+ $resolved = PhabricatorEnv::requireValidRemoteURIForFetch(
	$current,
	array(
	'http',
	'https',
	));

	- list($status, $body, $headers) = id(new HTTPSFuture($current))
	+ list($resolved_uri, $resolved_domain) = $resolved;
	+
	+ $current = new PhutilURI($current);
	+ if ($current->getProtocol() == 'http') {
	+ // For HTTP, we can use a pre-resolved URI to defuse DNS rebinding.
	+ $fetch_uri = $resolved_uri;
	+ $fetch_host = $resolved_domain;
	+ } else {
	+ // For HTTPS, we can't: cURL won't verify the SSL certificate if
	+ // the domain has been replaced with an IP. But internal services
	+ // presumably will not have valid certificates for rebindable
	+ // domain names on attacker-controlled domains, so the DNS rebinding
	+ // attack should generally not be possible anyway.
	+ $fetch_uri = $current;
	+ $fetch_host = null;
	+ }
	+
	+ $future = id(new HTTPSFuture($fetch_uri))
	->setFollowLocation(false)
	- ->setTimeout($timeout)
	- ->resolve();
	+ ->setTimeout($timeout);
	+
	+ if ($fetch_host !== null) {
	+ $future->addHeader('Host', $fetch_host);
	+ }
	+
	+ list($status, $body, $headers) = $future->resolve();

	if ($status->isRedirect()) {
	// This is an HTTP 3XX status, so look for a "Location" header.
	$location = null;
	foreach ($headers as $header) {
	list($name, $value) = $header;
	if (phutil_utf8_strtolower($name) == 'location') {
	$location = $value;
	break;
	}
	}

	// HTTP 3XX status with no "Location" header, just treat this like
	// a normal HTTP error.
	if ($location === null) {
	throw $status;
	}

	if (isset($redirects[$location])) {
	throw new Exception(
	pht(
	'Encountered loop while following redirects.'));
	}

	$redirects[$location] = $location;
	$current = $location;
	// We'll fall off the bottom and go try this URI now.
	} else if ($status->isError()) {
	// This is something other than an HTTP 2XX or HTTP 3XX status, so
	// just bail out.
	throw $status;
	} else {
	// This is HTTP 2XX, so use the the response body to save the
	// file data.
	$params = $params + array(
	'name' => basename($uri),
	);

	return self::newFromFileData($body, $params);
	}
	} catch (Exception $ex) {
	if ($redirects) {
	throw new PhutilProxyException(
	pht(
	'Failed to fetch remote URI "%s" after following %s redirect(s) '.
	'(%s): %s',
	$uri,
	new PhutilNumber(count($redirects)),
	implode(' > ', array_keys($redirects)),
	$ex->getMessage()),
	$ex);
	} else {
	throw $ex;
	}
	}
	}
	}

	public static function normalizeFileName($file_name) {
	$pattern = "@[\\x00-\\x19#%&+!~'\$\"\/=\\\\?<> ]+@";
	$file_name = preg_replace($pattern, '_', $file_name);
	$file_name = preg_replace('@_+@', '_', $file_name);
	$file_name = trim($file_name, '_');

	$disallowed_filenames = array(
	'.' => 'dot',
	'..' => 'dotdot',
	'' => 'file',
	);
	$file_name = idx($disallowed_filenames, $file_name, $file_name);

	return $file_name;
	}

	public function delete() {
	// We want to delete all the rows which mark this file as the transformation
	// of some other file (since we're getting rid of it). We also delete all
	// the transformations of this file, so that a user who deletes an image
	// doesn't need to separately hunt down and delete a bunch of thumbnails and
	// resizes of it.

	$outbound_xforms = id(new PhabricatorFileQuery())
	->setViewer(PhabricatorUser::getOmnipotentUser())
	->withTransforms(
	array(
	array(
	'originalPHID' => $this->getPHID(),
	'transform' => true,
	),
	))
	->execute();

	foreach ($outbound_xforms as $outbound_xform) {
	$outbound_xform->delete();
	}

	$inbound_xforms = id(new PhabricatorTransformedFile())->loadAllWhere(
	'transformedPHID = %s',
	$this->getPHID());

	$this->openTransaction();
	foreach ($inbound_xforms as $inbound_xform) {
	$inbound_xform->delete();
	}
	$ret = parent::delete();
	$this->saveTransaction();

	$this->deleteFileDataIfUnused(
	$this->instantiateStorageEngine(),
	$this->getStorageEngine(),
	$this->getStorageHandle());

	return $ret;
	}


	/**
	* Destroy stored file data if there are no remaining files which reference
	* it.
	*/
	public function deleteFileDataIfUnused(
	PhabricatorFileStorageEngine $engine,
	$engine_identifier,
	$handle) {

	// Check to see if any files are using storage.
	$usage = id(new PhabricatorFile())->loadAllWhere(
	'storageEngine = %s AND storageHandle = %s LIMIT 1',
	$engine_identifier,
	$handle);

	// If there are no files using the storage, destroy the actual storage.
	if (!$usage) {
	try {
	$engine->deleteFile($handle);
	} catch (Exception $ex) {
	// In the worst case, we're leaving some data stranded in a storage
	// engine, which is not a big deal.
	phlog($ex);
	}
	}
	}


	public static function hashFileContent($data) {
	return sha1($data);
	}

	public function loadFileData() {

	$engine = $this->instantiateStorageEngine();
	$data = $engine->readFile($this->getStorageHandle());

	switch ($this->getStorageFormat()) {
	case self::STORAGE_FORMAT_RAW:
	$data = $data;
	break;
	default:
	throw new Exception('Unknown storage format.');
	}

	return $data;
	}


	/**
	* Return an iterable which emits file content bytes.
	*
	* @param int Offset for the start of data.
	* @param int Offset for the end of data.
	* @return Iterable Iterable object which emits requested data.
	*/
	public function getFileDataIterator($begin = null, $end = null) {
	$engine = $this->instantiateStorageEngine();
	return $engine->getFileDataIterator($this, $begin, $end);
	}


	public function getViewURI() {
	if (!$this->getPHID()) {
	throw new Exception(
	'You must save a file before you can generate a view URI.');
	}

	return $this->getCDNURI(null);
	}

	private function getCDNURI($token) {
	$name = phutil_escape_uri($this->getName());

	$parts = array();
	$parts[] = 'file';
	$parts[] = 'data';

	// If this is an instanced install, add the instance identifier to the URI.
	// Instanced configurations behind a CDN may not be able to control the
	// request domain used by the CDN (as with AWS CloudFront). Embedding the
	// instance identity in the path allows us to distinguish between requests
	// originating from different instances but served through the same CDN.
	$instance = PhabricatorEnv::getEnvConfig('cluster.instance');
	if (strlen($instance)) {
	$parts[] = '@'.$instance;
	}

	$parts[] = $this->getSecretKey();
	$parts[] = $this->getPHID();
	if ($token) {
	$parts[] = $token;
	}
	$parts[] = $name;

	$path = '/'.implode('/', $parts);

	// If this file is only partially uploaded, we're just going to return a
	// local URI to make sure that Ajax works, since the page is inevitably
	// going to give us an error back.
	if ($this->getIsPartial()) {
	return PhabricatorEnv::getURI($path);
	} else {
	return PhabricatorEnv::getCDNURI($path);
	}
	}

	/**
	* Get the CDN URI for this file, including a one-time-use security token.
	*
	*/
	public function getCDNURIWithToken() {
	if (!$this->getPHID()) {
	throw new Exception(
	'You must save a file before you can generate a CDN URI.');
	}

	return $this->getCDNURI($this->generateOneTimeToken());
	}


	public function getInfoURI() {
	return '/'.$this->getMonogram();
	}

	public function getBestURI() {
	if ($this->isViewableInBrowser()) {
	return $this->getViewURI();
	} else {
	return $this->getInfoURI();
	}
	}

	public function getDownloadURI() {
	$uri = id(new PhutilURI($this->getViewURI()))
	->setQueryParam('download', true);
	return (string) $uri;
	}

	private function getTransformedURI($transform) {
	$parts = array();
	$parts[] = 'file';
	$parts[] = 'xform';

	$instance = PhabricatorEnv::getEnvConfig('cluster.instance');
	if (strlen($instance)) {
	$parts[] = '@'.$instance;
	}

	$parts[] = $transform;
	$parts[] = $this->getPHID();
	$parts[] = $this->getSecretKey();

	$path = implode('/', $parts);
	$path = $path.'/';

	return PhabricatorEnv::getCDNURI($path);
	}

	public function getProfileThumbURI() {
	return $this->getTransformedURI('thumb-profile');
	}

	public function getThumb60x45URI() {
	return $this->getTransformedURI('thumb-60x45');
	}

	public function getThumb160x120URI() {
	return $this->getTransformedURI('thumb-160x120');
	}

	public function getPreview100URI() {
	return $this->getTransformedURI('preview-100');
	}

	public function getPreview220URI() {
	return $this->getTransformedURI('preview-220');
	}

	public function getThumb220x165URI() {
	return $this->getTransfomredURI('thumb-220x165');
	}

	public function getThumb280x210URI() {
	return $this->getTransformedURI('thumb-280x210');
	}

	public function isViewableInBrowser() {
	return ($this->getViewableMimeType() !== null);
	}

	public function isViewableImage() {
	if (!$this->isViewableInBrowser()) {
	return false;
	}

	$mime_map = PhabricatorEnv::getEnvConfig('files.image-mime-types');
	$mime_type = $this->getMimeType();
	return idx($mime_map, $mime_type);
	}

	public function isAudio() {
	if (!$this->isViewableInBrowser()) {
	return false;
	}

	$mime_map = PhabricatorEnv::getEnvConfig('files.audio-mime-types');
	$mime_type = $this->getMimeType();
	return idx($mime_map, $mime_type);
	}

	public function isTransformableImage() {
	// NOTE: The way the 'gd' extension works in PHP is that you can install it
	// with support for only some file types, so it might be able to handle
	// PNG but not JPEG. Try to generate thumbnails for whatever we can. Setup
	// warns you if you don't have complete support.

	$matches = null;
	$ok = preg_match(
	'@^image/(gif\|png\|jpe?g)@',
	$this->getViewableMimeType(),
	$matches);
	if (!$ok) {
	return false;
	}

	switch ($matches[1]) {
	case 'jpg';
	case 'jpeg':
	return function_exists('imagejpeg');
	break;
	case 'png':
	return function_exists('imagepng');
	break;
	case 'gif':
	return function_exists('imagegif');
	break;
	default:
	throw new Exception('Unknown type matched as image MIME type.');
	}
	}

	public static function getTransformableImageFormats() {
	$supported = array();

	if (function_exists('imagejpeg')) {
	$supported[] = 'jpg';
	}

	if (function_exists('imagepng')) {
	$supported[] = 'png';
	}

	if (function_exists('imagegif')) {
	$supported[] = 'gif';
	}

	return $supported;
	}

	public function instantiateStorageEngine() {
	return self::buildEngine($this->getStorageEngine());
	}

	public static function buildEngine($engine_identifier) {
	$engines = self::buildAllEngines();
	foreach ($engines as $engine) {
	if ($engine->getEngineIdentifier() == $engine_identifier) {
	return $engine;
	}
	}

	throw new Exception(
	"Storage engine '{$engine_identifier}' could not be located!");
	}

	public static function buildAllEngines() {
	$engines = id(new PhutilSymbolLoader())
	->setType('class')
	->setConcreteOnly(true)
	->setAncestorClass('PhabricatorFileStorageEngine')
	->selectAndLoadSymbols();

	$results = array();
	foreach ($engines as $engine_class) {
	$results[] = newv($engine_class['name'], array());
	}

	return $results;
	}

	public function getViewableMimeType() {
	$mime_map = PhabricatorEnv::getEnvConfig('files.viewable-mime-types');

	$mime_type = $this->getMimeType();
	$mime_parts = explode(';', $mime_type);
	$mime_type = trim(reset($mime_parts));

	return idx($mime_map, $mime_type);
	}

	public function getDisplayIconForMimeType() {
	$mime_map = PhabricatorEnv::getEnvConfig('files.icon-mime-types');
	$mime_type = $this->getMimeType();
	return idx($mime_map, $mime_type, 'fa-file-o');
	}

	public function validateSecretKey($key) {
	return ($key == $this->getSecretKey());
	}

	public function generateSecretKey() {
	return Filesystem::readRandomCharacters(20);
	}

	public function updateDimensions($save = true) {
	if (!$this->isViewableImage()) {
	throw new Exception(
	'This file is not a viewable image.');
	}

	if (!function_exists('imagecreatefromstring')) {
	throw new Exception(
	'Cannot retrieve image information.');
	}

	$data = $this->loadFileData();

	$img = imagecreatefromstring($data);
	if ($img === false) {
	throw new Exception(
	'Error when decoding image.');
	}

	$this->metadata[self::METADATA_IMAGE_WIDTH] = imagesx($img);
	$this->metadata[self::METADATA_IMAGE_HEIGHT] = imagesy($img);

	if ($save) {
	$this->save();
	}

	return $this;
	}

	public function copyDimensions(PhabricatorFile $file) {
	$metadata = $file->getMetadata();
	$width = idx($metadata, self::METADATA_IMAGE_WIDTH);
	if ($width) {
	$this->metadata[self::METADATA_IMAGE_WIDTH] = $width;
	}
	$height = idx($metadata, self::METADATA_IMAGE_HEIGHT);
	if ($height) {
	$this->metadata[self::METADATA_IMAGE_HEIGHT] = $height;
	}

	return $this;
	}


	/**
	* Load (or build) the {@class:PhabricatorFile} objects for builtin file
	* resources. The builtin mechanism allows files shipped with Phabricator
	* to be treated like normal files so that APIs do not need to special case
	* things like default images or deleted files.
	*
	* Builtins are located in `resources/builtin/` and identified by their
	* name.
	*
	* @param PhabricatorUser Viewing user.
	* @param list<string> List of builtin file names.
	* @return dict<string, PhabricatorFile> Dictionary of named builtins.
	*/
	public static function loadBuiltins(PhabricatorUser $user, array $names) {
	$specs = array();
	foreach ($names as $name) {
	$specs[] = array(
	'originalPHID' => PhabricatorPHIDConstants::PHID_VOID,
	'transform' => 'builtin:'.$name,
	);
	}

	// NOTE: Anyone is allowed to access builtin files.

	$files = id(new PhabricatorFileQuery())
	->setViewer(PhabricatorUser::getOmnipotentUser())
	->withTransforms($specs)
	->execute();

	$files = mpull($files, null, 'getName');

	$root = dirname(phutil_get_library_root('phabricator'));
	$root = $root.'/resources/builtin/';

	$build = array();
	foreach ($names as $name) {
	if (isset($files[$name])) {
	continue;
	}

	// This is just a sanity check to prevent loading arbitrary files.
	if (basename($name) != $name) {
	throw new Exception("Invalid builtin name '{$name}'!");
	}

	$path = $root.$name;

	if (!Filesystem::pathExists($path)) {
	throw new Exception("Builtin '{$path}' does not exist!");
	}

	$data = Filesystem::readFile($path);
	$params = array(
	'name' => $name,
	'ttl' => time() + (60 * 60 * 24 * 7),
	'canCDN' => true,
	'builtin' => $name,
	);

	$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
	$file = PhabricatorFile::newFromFileData($data, $params);
	$xform = id(new PhabricatorTransformedFile())
	->setOriginalPHID(PhabricatorPHIDConstants::PHID_VOID)
	->setTransform('builtin:'.$name)
	->setTransformedPHID($file->getPHID())
	->save();
	unset($unguarded);

	$file->attachObjectPHIDs(array());
	$file->attachObjects(array());

	$files[$name] = $file;
	}

	return $files;
	}


	/**
	* Convenience wrapper for @{method:loadBuiltins}.
	*
	* @param PhabricatorUser Viewing user.
	* @param string Single builtin name to load.
	* @return PhabricatorFile Corresponding builtin file.
	*/
	public static function loadBuiltin(PhabricatorUser $user, $name) {
	return idx(self::loadBuiltins($user, array($name)), $name);
	}

	public function getObjects() {
	return $this->assertAttached($this->objects);
	}

	public function attachObjects(array $objects) {
	$this->objects = $objects;
	return $this;
	}

	public function getObjectPHIDs() {
	return $this->assertAttached($this->objectPHIDs);
	}

	public function attachObjectPHIDs(array $object_phids) {
	$this->objectPHIDs = $object_phids;
	return $this;
	}

	public function getOriginalFile() {
	return $this->assertAttached($this->originalFile);
	}

	public function attachOriginalFile(PhabricatorFile $file = null) {
	$this->originalFile = $file;
	return $this;
	}

	public function getImageHeight() {
	if (!$this->isViewableImage()) {
	return null;
	}
	return idx($this->metadata, self::METADATA_IMAGE_HEIGHT);
	}

	public function getImageWidth() {
	if (!$this->isViewableImage()) {
	return null;
	}
	return idx($this->metadata, self::METADATA_IMAGE_WIDTH);
	}

	public function getCanCDN() {
	if (!$this->isViewableImage()) {
	return false;
	}

	return idx($this->metadata, self::METADATA_CAN_CDN);
	}

	public function setCanCDN($can_cdn) {
	$this->metadata[self::METADATA_CAN_CDN] = $can_cdn ? 1 : 0;
	return $this;
	}

	public function isBuiltin() {
	return ($this->getBuiltinName() !== null);
	}

	public function getBuiltinName() {
	return idx($this->metadata, self::METADATA_BUILTIN);
	}

	public function setBuiltinName($name) {
	$this->metadata[self::METADATA_BUILTIN] = $name;
	return $this;
	}

	protected function generateOneTimeToken() {
	$key = Filesystem::readRandomCharacters(16);

	// Save the new secret.
	$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
	$token = id(new PhabricatorAuthTemporaryToken())
	->setObjectPHID($this->getPHID())
	->setTokenType(self::ONETIME_TEMPORARY_TOKEN_TYPE)
	->setTokenExpires(time() + phutil_units('1 hour in seconds'))
	->setTokenCode(PhabricatorHash::digest($key))
	->save();
	unset($unguarded);

	return $key;
	}

	public function validateOneTimeToken($token_code) {
	$token = id(new PhabricatorAuthTemporaryTokenQuery())
	->setViewer(PhabricatorUser::getOmnipotentUser())
	->withObjectPHIDs(array($this->getPHID()))
	->withTokenTypes(array(self::ONETIME_TEMPORARY_TOKEN_TYPE))
	->withExpired(false)
	->withTokenCodes(array(PhabricatorHash::digest($token_code)))
	->executeOne();

	return $token;
	}


	/**
	* Write the policy edge between this file and some object.
	*
	* @param phid Object PHID to attach to.
	* @return this
	*/
	public function attachToObject($phid) {
	$edge_type = PhabricatorObjectHasFileEdgeType::EDGECONST;

	id(new PhabricatorEdgeEditor())
	->addEdge($phid, $edge_type, $this->getPHID())
	->save();

	return $this;
	}


	/**
	* Remove the policy edge between this file and some object.
	*
	* @param phid Object PHID to detach from.
	* @return this
	*/
	public function detachFromObject($phid) {
	$edge_type = PhabricatorObjectHasFileEdgeType::EDGECONST;

	id(new PhabricatorEdgeEditor())
	->removeEdge($phid, $edge_type, $this->getPHID())
	->save();

	return $this;
	}


	/**
	* Configure a newly created file object according to specified parameters.
	*
	* This method is called both when creating a file from fresh data, and
	* when creating a new file which reuses existing storage.
	*
	* @param map<string, wild> Bag of parameters, see @{class:PhabricatorFile}
	* for documentation.
	* @return this
	*/
	private function readPropertiesFromParameters(array $params) {
	$file_name = idx($params, 'name');
	$file_name = self::normalizeFileName($file_name);
	$this->setName($file_name);

	$author_phid = idx($params, 'authorPHID');
	$this->setAuthorPHID($author_phid);

	$file_ttl = idx($params, 'ttl');
	$this->setTtl($file_ttl);

	$view_policy = idx($params, 'viewPolicy');
	if ($view_policy) {
	$this->setViewPolicy($params['viewPolicy']);
	}

	$is_explicit = (idx($params, 'isExplicitUpload') ? 1 : 0);
	$this->setIsExplicitUpload($is_explicit);

	$can_cdn = idx($params, 'canCDN');
	if ($can_cdn) {
	$this->setCanCDN(true);
	}

	$builtin = idx($params, 'builtin');
	if ($builtin) {
	$this->setBuiltinName($builtin);
	}

	$mime_type = idx($params, 'mime-type');
	if ($mime_type) {
	$this->setMimeType($mime_type);
	}

	return $this;
	}

	public function getRedirectResponse() {
	$uri = $this->getBestURI();

	// TODO: This is a bit iffy. Sometimes, getBestURI() returns a CDN URI
	// (if the file is a viewable image) and sometimes a local URI (if not).
	// For now, just detect which one we got and configure the response
	// appropriately. In the long run, if this endpoint is served from a CDN
	// domain, we can't issue a local redirect to an info URI (which is not
	// present on the CDN domain). We probably never actually issue local
	// redirects here anyway, since we only ever transform viewable images
	// right now.

	$is_external = strlen(id(new PhutilURI($uri))->getDomain());

	return id(new AphrontRedirectResponse())
	->setIsExternal($is_external)
	->setURI($uri);
	}


	/* -( PhabricatorApplicationTransactionInterface )------------------------- */


	public function getApplicationTransactionEditor() {
	return new PhabricatorFileEditor();
	}

	public function getApplicationTransactionObject() {
	return $this;
	}

	public function getApplicationTransactionTemplate() {
	return new PhabricatorFileTransaction();
	}

	public function willRenderTimeline(
	PhabricatorApplicationTransactionView $timeline,
	AphrontRequest $request) {

	return $timeline;
	}


	/* -( PhabricatorPolicyInterface Implementation )-------------------------- */


	public function getCapabilities() {
	return array(
	PhabricatorPolicyCapability::CAN_VIEW,
	PhabricatorPolicyCapability::CAN_EDIT,
	);
	}

	public function getPolicy($capability) {
	switch ($capability) {
	case PhabricatorPolicyCapability::CAN_VIEW:
	if ($this->isBuiltin()) {
	return PhabricatorPolicies::getMostOpenPolicy();
	}
	return $this->getViewPolicy();
	case PhabricatorPolicyCapability::CAN_EDIT:
	return PhabricatorPolicies::POLICY_NOONE;
	}
	}

	public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
	$viewer_phid = $viewer->getPHID();
	if ($viewer_phid) {
	if ($this->getAuthorPHID() == $viewer_phid) {
	return true;
	}
	}

	switch ($capability) {
	case PhabricatorPolicyCapability::CAN_VIEW:
	// If you can see the file this file is a transform of, you can see
	// this file.
	if ($this->getOriginalFile()) {
	return true;
	}

	// If you can see any object this file is attached to, you can see
	// the file.
	return (count($this->getObjects()) > 0);
	}

	return false;
	}

	public function describeAutomaticCapability($capability) {
	$out = array();
	$out[] = pht('The user who uploaded a file can always view and edit it.');
	switch ($capability) {
	case PhabricatorPolicyCapability::CAN_VIEW:
	$out[] = pht(
	'Files attached to objects are visible to users who can view '.
	'those objects.');
	$out[] = pht(
	'Thumbnails are visible only to users who can view the original '.
	'file.');
	break;
	}

	return $out;
	}


	/* -( PhabricatorSubscribableInterface Implementation )-------------------- */


	public function isAutomaticallySubscribed($phid) {
	return ($this->authorPHID == $phid);
	}

	public function shouldShowSubscribersProperty() {
	return true;
	}

	public function shouldAllowSubscription($phid) {
	return true;
	}


	/* -( PhabricatorTokenReceiverInterface )---------------------------------- */


	public function getUsersToNotifyOfTokenGiven() {
	return array(
	$this->getAuthorPHID(),
	);
	}


	/* -( PhabricatorDestructibleInterface )----------------------------------- */


	public function destroyObjectPermanently(
	PhabricatorDestructionEngine $engine) {

	$this->openTransaction();
	$this->delete();
	$this->saveTransaction();
	}

	}
	diff --git a/src/infrastructure/env/PhabricatorEnv.php b/src/infrastructure/env/PhabricatorEnv.php
	index cc804b5589..05ab7c677d 100644
	--- a/src/infrastructure/env/PhabricatorEnv.php
	+++ b/src/infrastructure/env/PhabricatorEnv.php
	@@ -1,871 +1,876 @@
	<?php

	/**
	* Manages the execution environment configuration, exposing APIs to read
	* configuration settings and other similar values that are derived directly
	* from configuration settings.
	*
	*
	* = Reading Configuration =
	*
	* The primary role of this class is to provide an API for reading
	* Phabricator configuration, @{method:getEnvConfig}:
	*
	* $value = PhabricatorEnv::getEnvConfig('some.key', $default);
	*
	* The class also handles some URI construction based on configuration, via
	* the methods @{method:getURI}, @{method:getProductionURI},
	* @{method:getCDNURI}, and @{method:getDoclink}.
	*
	* For configuration which allows you to choose a class to be responsible for
	* some functionality (e.g., which mail adapter to use to deliver email),
	* @{method:newObjectFromConfig} provides a simple interface that validates
	* the configured value.
	*
	*
	* = Unit Test Support =
	*
	* In unit tests, you can use @{method:beginScopedEnv} to create a temporary,
	* mutable environment. The method returns a scope guard object which restores
	* the environment when it is destroyed. For example:
	*
	* public function testExample() {
	* $env = PhabricatorEnv::beginScopedEnv();
	* $env->overrideEnv('some.key', 'new-value-for-this-test');
	*
	* // Some test which depends on the value of 'some.key'.
	*
	* }
	*
	* Your changes will persist until the `$env` object leaves scope or is
	* destroyed.
	*
	* You should //not// use this in normal code.
	*
	*
	* @task read Reading Configuration
	* @task uri URI Validation
	* @task test Unit Test Support
	* @task internal Internals
	*/
	final class PhabricatorEnv {

	private static $sourceStack;
	private static $repairSource;
	private static $overrideSource;
	private static $requestBaseURI;
	private static $cache;
	private static $localeCode;

	/**
	* @phutil-external-symbol class PhabricatorStartup
	*/
	public static function initializeWebEnvironment() {
	self::initializeCommonEnvironment();
	}

	public static function initializeScriptEnvironment() {
	self::initializeCommonEnvironment();

	// NOTE: This is dangerous in general, but we know we're in a script context
	// and are not vulnerable to CSRF.
	AphrontWriteGuard::allowDangerousUnguardedWrites(true);

	// There are several places where we log information (about errors, events,
	// service calls, etc.) for analysis via DarkConsole or similar. These are
	// useful for web requests, but grow unboundedly in long-running scripts and
	// daemons. Discard data as it arrives in these cases.
	PhutilServiceProfiler::getInstance()->enableDiscardMode();
	DarkConsoleErrorLogPluginAPI::enableDiscardMode();
	DarkConsoleEventPluginAPI::enableDiscardMode();
	}


	private static function initializeCommonEnvironment() {
	PhutilErrorHandler::initialize();

	self::buildConfigurationSourceStack();

	// Force a valid timezone. If both PHP and Phabricator configuration are
	// invalid, use UTC.
	$tz = PhabricatorEnv::getEnvConfig('phabricator.timezone');
	if ($tz) {
	@date_default_timezone_set($tz);
	}
	$ok = @date_default_timezone_set(date_default_timezone_get());
	if (!$ok) {
	date_default_timezone_set('UTC');
	}

	// Prepend '/support/bin' and append any paths to $PATH if we need to.
	$env_path = getenv('PATH');
	$phabricator_path = dirname(phutil_get_library_root('phabricator'));
	$support_path = $phabricator_path.'/support/bin';
	$env_path = $support_path.PATH_SEPARATOR.$env_path;
	$append_dirs = PhabricatorEnv::getEnvConfig('environment.append-paths');
	if (!empty($append_dirs)) {
	$append_path = implode(PATH_SEPARATOR, $append_dirs);
	$env_path = $env_path.PATH_SEPARATOR.$append_path;
	}
	putenv('PATH='.$env_path);

	// Write this back into $_ENV, too, so ExecFuture picks it up when creating
	// subprocess environments.
	$_ENV['PATH'] = $env_path;


	// If an instance identifier is defined, write it into the environment so
	// it's available to subprocesses.
	$instance = PhabricatorEnv::getEnvConfig('cluster.instance');
	if (strlen($instance)) {
	putenv('PHABRICATOR_INSTANCE='.$instance);
	$_ENV['PHABRICATOR_INSTANCE'] = $instance;
	}

	PhabricatorEventEngine::initialize();

	// TODO: Add a "locale.default" config option once we have some reasonable
	// defaults which aren't silly nonsense.
	self::setLocaleCode('en_US');
	}

	public static function setLocaleCode($locale_code) {
	if ($locale_code == self::$localeCode) {
	return;
	}

	try {
	$locale = PhutilLocale::loadLocale($locale_code);
	$translations = PhutilTranslation::getTranslationMapForLocale(
	$locale_code);

	$override = PhabricatorEnv::getEnvConfig('translation.override');
	if (!is_array($override)) {
	$override = array();
	}

	PhutilTranslator::getInstance()
	->setLocale($locale)
	->setTranslations($override + $translations);

	self::$localeCode = $locale_code;
	} catch (Exception $ex) {
	// Just ignore this; the user likely has an out-of-date locale code.
	}
	}

	private static function buildConfigurationSourceStack() {
	self::dropConfigCache();

	$stack = new PhabricatorConfigStackSource();
	self::$sourceStack = $stack;

	$default_source = id(new PhabricatorConfigDefaultSource())
	->setName(pht('Global Default'));
	$stack->pushSource($default_source);

	$env = self::getSelectedEnvironmentName();
	if ($env) {
	$stack->pushSource(
	id(new PhabricatorConfigFileSource($env))
	->setName(pht("File '%s'", $env)));
	}

	$stack->pushSource(
	id(new PhabricatorConfigLocalSource())
	->setName(pht('Local Config')));

	// If the install overrides the database adapter, we might need to load
	// the database adapter class before we can push on the database config.
	// This config is locked and can't be edited from the web UI anyway.
	foreach (PhabricatorEnv::getEnvConfig('load-libraries') as $library) {
	phutil_load_library($library);
	}

	// If custom libraries specify config options, they won't get default
	// values as the Default source has already been loaded, so we get it to
	// pull in all options from non-phabricator libraries now they are loaded.
	$default_source->loadExternalOptions();

	// If this install has site config sources, load them now.
	$site_sources = id(new PhutilSymbolLoader())
	->setAncestorClass('PhabricatorConfigSiteSource')
	->loadObjects();
	$site_sources = msort($site_sources, 'getPriority');
	foreach ($site_sources as $site_source) {
	$stack->pushSource($site_source);
	}

	try {
	$stack->pushSource(
	id(new PhabricatorConfigDatabaseSource('default'))
	->setName(pht('Database')));
	} catch (AphrontQueryException $exception) {
	// If the database is not available, just skip this configuration
	// source. This happens during `bin/storage upgrade`, `bin/conf` before
	// schema setup, etc.
	}
	}

	public static function repairConfig($key, $value) {
	if (!self::$repairSource) {
	self::$repairSource = id(new PhabricatorConfigDictionarySource(array()))
	->setName(pht('Repaired Config'));
	self::$sourceStack->pushSource(self::$repairSource);
	}
	self::$repairSource->setKeys(array($key => $value));
	self::dropConfigCache();
	}

	public static function overrideConfig($key, $value) {
	if (!self::$overrideSource) {
	self::$overrideSource = id(new PhabricatorConfigDictionarySource(array()))
	->setName(pht('Overridden Config'));
	self::$sourceStack->pushSource(self::$overrideSource);
	}
	self::$overrideSource->setKeys(array($key => $value));
	self::dropConfigCache();
	}

	public static function getUnrepairedEnvConfig($key, $default = null) {
	foreach (self::$sourceStack->getStack() as $source) {
	if ($source === self::$repairSource) {
	continue;
	}
	$result = $source->getKeys(array($key));
	if ($result) {
	return $result[$key];
	}
	}
	return $default;
	}

	public static function getSelectedEnvironmentName() {
	$env_var = 'PHABRICATOR_ENV';

	$env = idx($_SERVER, $env_var);

	if (!$env) {
	$env = getenv($env_var);
	}

	if (!$env) {
	$env = idx($_ENV, $env_var);
	}

	if (!$env) {
	$root = dirname(phutil_get_library_root('phabricator'));
	$path = $root.'/conf/local/ENVIRONMENT';
	if (Filesystem::pathExists($path)) {
	$env = trim(Filesystem::readFile($path));
	}
	}

	return $env;
	}

	public static function calculateEnvironmentHash() {
	$keys = self::getKeysForConsistencyCheck();

	$values = array();
	foreach ($keys as $key) {
	$values[$key] = self::getEnvConfigIfExists($key);
	}

	return PhabricatorHash::digest(json_encode($values));
	}

	/**
	* Returns a summary of non-default configuration settings to allow the
	* "daemons and web have different config" setup check to list divergent
	* keys.
	*/
	public static function calculateEnvironmentInfo() {
	$keys = self::getKeysForConsistencyCheck();

	$info = array();

	$defaults = id(new PhabricatorConfigDefaultSource())->getAllKeys();
	foreach ($keys as $key) {
	$current = self::getEnvConfigIfExists($key);
	$default = idx($defaults, $key, null);
	if ($current !== $default) {
	$info[$key] = PhabricatorHash::digestForIndex(json_encode($current));
	}
	}

	$keys_hash = array_keys($defaults);
	sort($keys_hash);
	$keys_hash = implode("\0", $keys_hash);
	$keys_hash = PhabricatorHash::digestForIndex($keys_hash);

	return array(
	'version' => 1,
	'keys' => $keys_hash,
	'values' => $info,
	);
	}


	/**
	* Compare two environment info summaries to generate a human-readable
	* list of discrepancies.
	*/
	public static function compareEnvironmentInfo(array $u, array $v) {
	$issues = array();

	$uversion = idx($u, 'version');
	$vversion = idx($v, 'version');
	if ($uversion != $vversion) {
	$issues[] = pht(
	'The two configurations were generated by different versions '.
	'of Phabricator.');

	// These may not be comparable, so stop here.
	return $issues;
	}

	if ($u['keys'] !== $v['keys']) {
	$issues[] = pht(
	'The two configurations have different keys. This usually means '.
	'that they are running different versions of Phabricator.');
	}

	$uval = idx($u, 'values', array());
	$vval = idx($v, 'values', array());

	$all_keys = array_keys($uval + $vval);

	foreach ($all_keys as $key) {
	$uv = idx($uval, $key);
	$vv = idx($vval, $key);
	if ($uv !== $vv) {
	if ($uv && $vv) {
	$issues[] = pht(
	'The configuration key "%s" is set in both configurations, but '.
	'set to different values.',
	$key);
	} else {
	$issues[] = pht(
	'The configuration key "%s" is set in only one configuration.',
	$key);
	}
	}
	}

	return $issues;
	}

	private static function getKeysForConsistencyCheck() {
	$keys = array_keys(self::getAllConfigKeys());
	sort($keys);

	$skip_keys = self::getEnvConfig('phd.variant-config');
	return array_diff($keys, $skip_keys);
	}


	/* -( Reading Configuration )---------------------------------------------- */


	/**
	* Get the current configuration setting for a given key.
	*
	* If the key is not found, then throw an Exception.
	*
	* @task read
	*/
	public static function getEnvConfig($key) {
	if (isset(self::$cache[$key])) {
	return self::$cache[$key];
	}

	if (array_key_exists($key, self::$cache)) {
	return self::$cache[$key];
	}

	$result = self::$sourceStack->getKeys(array($key));
	if (array_key_exists($key, $result)) {
	self::$cache[$key] = $result[$key];
	return $result[$key];
	} else {
	throw new Exception("No config value specified for key '{$key}'.");
	}
	}


	/**
	* Get the current configuration setting for a given key. If the key
	* does not exist, return a default value instead of throwing. This is
	* primarily useful for migrations involving keys which are slated for
	* removal.
	*
	* @task read
	*/
	public static function getEnvConfigIfExists($key, $default = null) {
	try {
	return self::getEnvConfig($key);
	} catch (Exception $ex) {
	return $default;
	}
	}


	/**
	* Get the fully-qualified URI for a path.
	*
	* @task read
	*/
	public static function getURI($path) {
	return rtrim(self::getAnyBaseURI(), '/').$path;
	}


	/**
	* Get the fully-qualified production URI for a path.
	*
	* @task read
	*/
	public static function getProductionURI($path) {
	// If we're passed a URI which already has a domain, simply return it
	// unmodified. In particular, files may have URIs which point to a CDN
	// domain.
	$uri = new PhutilURI($path);
	if ($uri->getDomain()) {
	return $path;
	}

	$production_domain = self::getEnvConfig('phabricator.production-uri');
	if (!$production_domain) {
	$production_domain = self::getAnyBaseURI();
	}
	return rtrim($production_domain, '/').$path;
	}

	public static function getAllowedURIs($path) {
	$uri = new PhutilURI($path);
	if ($uri->getDomain()) {
	return $path;
	}

	$allowed_uris = self::getEnvConfig('phabricator.allowed-uris');
	$return = array();
	foreach ($allowed_uris as $allowed_uri) {
	$return[] = rtrim($allowed_uri, '/').$path;
	}

	return $return;
	}


	/**
	* Get the fully-qualified production URI for a static resource path.
	*
	* @task read
	*/
	public static function getCDNURI($path) {
	$alt = self::getEnvConfig('security.alternate-file-domain');
	if (!$alt) {
	$alt = self::getAnyBaseURI();
	}
	$uri = new PhutilURI($alt);
	$uri->setPath($path);
	return (string)$uri;
	}


	/**
	* Get the fully-qualified production URI for a documentation resource.
	*
	* @task read
	*/
	public static function getDoclink($resource, $type = 'article') {
	$uri = new PhutilURI('https://secure.phabricator.com/diviner/find/');
	$uri->setQueryParam('name', $resource);
	$uri->setQueryParam('type', $type);
	$uri->setQueryParam('jump', true);
	return (string)$uri;
	}


	/**
	* Build a concrete object from a configuration key.
	*
	* @task read
	*/
	public static function newObjectFromConfig($key, $args = array()) {
	$class = self::getEnvConfig($key);
	return newv($class, $args);
	}

	public static function getAnyBaseURI() {
	$base_uri = self::getEnvConfig('phabricator.base-uri');

	if (!$base_uri) {
	$base_uri = self::getRequestBaseURI();
	}

	if (!$base_uri) {
	throw new Exception(
	"Define 'phabricator.base-uri' in your configuration to continue.");
	}

	return $base_uri;
	}

	public static function getRequestBaseURI() {
	return self::$requestBaseURI;
	}

	public static function setRequestBaseURI($uri) {
	self::$requestBaseURI = $uri;
	}

	/* -( Unit Test Support )-------------------------------------------------- */


	/**
	* @task test
	*/
	public static function beginScopedEnv() {
	return new PhabricatorScopedEnv(self::pushTestEnvironment());
	}


	/**
	* @task test
	*/
	private static function pushTestEnvironment() {
	self::dropConfigCache();
	$source = new PhabricatorConfigDictionarySource(array());
	self::$sourceStack->pushSource($source);
	return spl_object_hash($source);
	}


	/**
	* @task test
	*/
	public static function popTestEnvironment($key) {
	self::dropConfigCache();
	$source = self::$sourceStack->popSource();
	$stack_key = spl_object_hash($source);
	if ($stack_key !== $key) {
	self::$sourceStack->pushSource($source);
	throw new Exception(
	'Scoped environments were destroyed in a diffent order than they '.
	'were initialized.');
	}
	}


	/* -( URI Validation )----------------------------------------------------- */


	/**
	* Detect if a URI satisfies either @{method:isValidLocalURIForLink} or
	* @{method:isValidRemoteURIForLink}, i.e. is a page on this server or the
	* URI of some other resource which has a valid protocol. This rejects
	* garbage URIs and URIs with protocols which do not appear in the
	* `uri.allowed-protocols` configuration, notably 'javascript:' URIs.
	*
	* NOTE: This method is generally intended to reject URIs which it may be
	* unsafe to put in an "href" link attribute.
	*
	* @param string URI to test.
	* @return bool True if the URI identifies a web resource.
	* @task uri
	*/
	public static function isValidURIForLink($uri) {
	return self::isValidLocalURIForLink($uri) \|\|
	self::isValidRemoteURIForLink($uri);
	}


	/**
	* Detect if a URI identifies some page on this server.
	*
	* NOTE: This method is generally intended to reject URIs which it may be
	* unsafe to issue a "Location:" redirect to.
	*
	* @param string URI to test.
	* @return bool True if the URI identifies a local page.
	* @task uri
	*/
	public static function isValidLocalURIForLink($uri) {
	$uri = (string)$uri;

	if (!strlen($uri)) {
	return false;
	}

	if (preg_match('/\s/', $uri)) {
	// PHP hasn't been vulnerable to header injection attacks for a bunch of
	// years, but we can safely reject these anyway since they're never valid.
	return false;
	}

	// Chrome (at a minimum) interprets backslashes in Location headers and the
	// URL bar as forward slashes. This is probably intended to reduce user
	// error caused by confusion over which key is "forward slash" vs "back
	// slash".
	//
	// However, it means a URI like "/\evil.com" is interpreted like
	// "//evil.com", which is a protocol relative remote URI.
	//
	// Since we currently never generate URIs with backslashes in them, reject
	// these unconditionally rather than trying to figure out how browsers will
	// interpret them.
	if (preg_match('/\\\\/', $uri)) {
	return false;
	}

	// Valid URIs must begin with '/', followed by the end of the string or some
	// other non-'/' character. This rejects protocol-relative URIs like
	// "//evil.com/evil_stuff/".
	return (bool)preg_match('@^/([^/]\|$)@', $uri);
	}


	/**
	* Detect if a URI identifies some valid linkable remote resource.
	*
	* @param string URI to test.
	* @return bool True if a URI idenfies a remote resource with an allowed
	* protocol.
	* @task uri
	*/
	public static function isValidRemoteURIForLink($uri) {
	try {
	self::requireValidRemoteURIForLink($uri);
	return true;
	} catch (Exception $ex) {
	return false;
	}
	}


	/**
	* Detect if a URI identifies a valid linkable remote resource, throwing a
	* detailed message if it does not.
	*
	* A valid linkable remote resource can be safely linked or redirected to.
	* This is primarily a protocol whitelist check.
	*
	* @param string URI to test.
	* @return void
	* @task uri
	*/
	public static function requireValidRemoteURIForLink($uri) {
	$uri = new PhutilURI($uri);

	$proto = $uri->getProtocol();
	if (!strlen($proto)) {
	throw new Exception(
	pht(
	'URI "%s" is not a valid linkable resource. A valid linkable '.
	'resource URI must specify a protocol.',
	$uri));
	}

	$protocols = self::getEnvConfig('uri.allowed-protocols');
	if (!isset($protocols[$proto])) {
	throw new Exception(
	pht(
	'URI "%s" is not a valid linkable resource. A valid linkable '.
	'resource URI must use one of these protocols: %s.',
	$uri,
	implode(', ', array_keys($protocols))));
	}

	$domain = $uri->getDomain();
	if (!strlen($domain)) {
	throw new Exception(
	pht(
	'URI "%s" is not a valid linkable resource. A valid linkable '.
	'resource URI must specify a domain.',
	$uri));
	}
	}


	/**
	* Detect if a URI identifies a valid fetchable remote resource.
	*
	* @param string URI to test.
	* @param list<string> Allowed protocols.
	* @return bool True if the URI is a valid fetchable remote resource.
	* @task uri
	*/
	public static function isValidRemoteURIForFetch($uri, array $protocols) {
	try {
	self::requireValidRemoteURIForFetch($uri, $protocols);
	return true;
	} catch (Exception $ex) {
	return false;
	}
	}


	/**
	* Detect if a URI identifies a valid fetchable remote resource, throwing
	* a detailed message if it does not.
	*
	* A valid fetchable remote resource can be safely fetched using a request
	* originating on this server. This is a primarily an address check against
	* the outbound address blacklist.
	*
	* @param string URI to test.
	* @param list<string> Allowed protocols.
	- * @return void
	+ * @return pair<string, string> Pre-resolved URI and domain.
	* @task uri
	*/
	public static function requireValidRemoteURIForFetch(
	$uri,
	array $protocols) {

	$uri = new PhutilURI($uri);

	$proto = $uri->getProtocol();
	if (!strlen($proto)) {
	throw new Exception(
	pht(
	'URI "%s" is not a valid fetchable resource. A valid fetchable '.
	'resource URI must specify a protocol.',
	$uri));
	}

	$protocols = array_fuse($protocols);
	if (!isset($protocols[$proto])) {
	throw new Exception(
	pht(
	'URI "%s" is not a valid fetchable resource. A valid fetchable '.
	'resource URI must use one of these protocols: %s.',
	$uri,
	implode(', ', array_keys($protocols))));
	}

	$domain = $uri->getDomain();
	if (!strlen($domain)) {
	throw new Exception(
	pht(
	'URI "%s" is not a valid fetchable resource. A valid fetchable '.
	'resource URI must specify a domain.',
	$uri));
	}

	$addresses = gethostbynamel($domain);
	if (!$addresses) {
	throw new Exception(
	pht(
	'URI "%s" is not a valid fetchable resource. The domain "%s" could '.
	'not be resolved.',
	$uri,
	$domain));
	}

	foreach ($addresses as $address) {
	if (self::isBlacklistedOutboundAddress($address)) {
	throw new Exception(
	pht(
	'URI "%s" is not a valid fetchable resource. The domain "%s" '.
	'resolves to the address "%s", which is blacklisted for '.
	'outbound requests.',
	$uri,
	$domain,
	$address));
	}
	}
	+
	+ $resolved_uri = clone $uri;
	+ $resolved_uri->setDomain(head($addresses));
	+
	+ return array($resolved_uri, $domain);
	}


	/**
	* Determine if an IP address is in the outbound address blacklist.
	*
	* @param string IP address.
	* @return bool True if the address is blacklisted.
	*/
	public static function isBlacklistedOutboundAddress($address) {
	$blacklist = self::getEnvConfig('security.outbound-blacklist');

	return PhutilCIDRList::newList($blacklist)->containsAddress($address);
	}

	public static function isClusterRemoteAddress() {
	$address = idx($_SERVER, 'REMOTE_ADDR');
	if (!$address) {
	throw new Exception(
	pht(
	'Unable to test remote address against cluster whitelist: '.
	'REMOTE_ADDR is not defined.'));
	}

	return self::isClusterAddress($address);
	}

	public static function isClusterAddress($address) {
	$cluster_addresses = PhabricatorEnv::getEnvConfig('cluster.addresses');
	if (!$cluster_addresses) {
	throw new Exception(
	pht(
	'Phabricator is not configured to serve cluster requests. '.
	'Set `cluster.addresses` in the configuration to whitelist '.
	'cluster hosts before sending requests that use a cluster '.
	'authentication mechanism.'));
	}

	return PhutilCIDRList::newList($cluster_addresses)
	->containsAddress($address);
	}

	/* -( Internals )---------------------------------------------------------- */


	/**
	* @task internal
	*/
	public static function envConfigExists($key) {
	return array_key_exists($key, self::$sourceStack->getKeys(array($key)));
	}


	/**
	* @task internal
	*/
	public static function getAllConfigKeys() {
	return self::$sourceStack->getAllKeys();
	}

	public static function getConfigSourceStack() {
	return self::$sourceStack;
	}

	/**
	* @task internal
	*/
	public static function overrideTestEnvConfig($stack_key, $key, $value) {
	$tmp = array();

	// If we don't have the right key, we'll throw when popping the last
	// source off the stack.
	do {
	$source = self::$sourceStack->popSource();
	array_unshift($tmp, $source);
	if (spl_object_hash($source) == $stack_key) {
	$source->setKeys(array($key => $value));
	break;
	}
	} while (true);

	foreach ($tmp as $source) {
	self::$sourceStack->pushSource($source);
	}

	self::dropConfigCache();
	}

	private static function dropConfigCache() {
	self::$cache = array();
	}

	}

File Metadata

Mime Type: text/x-diff
Expires: Wed, Nov 5, 10:56 PM (18 h, 27 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 319073
Default Alt Text: (66 KB)

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions